Currently I have a submodule repo that contains 8 or so GitHub Actions. These will be shared between many repos that use the same GitHub Actions. I cannot seem to retrigger the actions inside the submodule path, and it only runs the initial action, which pulls the submodules:
```yaml
on:
  pull_request:
jobs:
  sync:
    name: 'Submodules Sync'
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.BOT_GITHUB_ACCESS_PACKAGES_TOKEN }}
          submodules: recursive
      - name: Checkout submodules
        run: git submodule sync && git submodule update --init --recursive
```
which pulls the submodule into .github/workflows/service-workflows
Related
Currently, when I have a new release on a GitHub repo, I need to update all the readme with the new tag.
Example of readme.md (version 1.0.0):
My Java library project
You need to add
`implementation io.github.me:javalib:1.0.0`
And I update the readme to (version 2.0.0):
My Java library project
You need to add
`implementation io.github.me:javalib:2.0.0`
But this manual update is fastidious and sometimes I forget some tags when I update the documentation.
How can we automate that?
You can automate that with a GitHub Action like this:
Requirements
You need to give permission to your GitHub Actions to create a pull request in your GitHub repo settings (Settings -> Actions -> General).
GitHub Actions examples
These GitHub Actions automatically get the tag of the new release and update your readme, replacing the old tag with the new tag.
Update the readme with a pull request
```yaml
name: Update files
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Update files
        uses: MathieuSoysal/file-updater-for-release@v1.0.1
        with:
          files: README.md # List of files to update
          prefix: "io.github.me:javalib:" # Prefix before the version; in your case it is io.github.me:javalib:
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with pull request rights
          commit-message: update readme
          title: Update readme
          body: Update readme to reflect release changes
          branch: update-readme
          base: main
```
Update the readme directly with a commit
```yaml
name: Update files with commit
on:
  release:
    types: [published]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }} # You need to create your own token with commit rights
          ref: main # The branch you want to commit to
      - name: Update files
        uses: MathieuSoysal/file-updater-for-release@v1.0.1
        with:
          files: README.md # List of files to update
          prefix: "io.github.me:javalib:" # Prefix before the version; in your case it is io.github.me:javalib:
          with-checkout: false # If you don't want to checkout the repo, default is: true
      - name: Push changes
        uses: EndBug/add-and-commit@v9
        with:
          committer_name: GitHub Actions
          committer_email: actions@github.com
          add: .
          message: 'update files'
```
Source
file-updater-for-release
This is my github action workflow.
```yaml
name: Release
on:
  push:
    branches:
      - main
jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: Setup java
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Setup node
        uses: actions/setup-node@v1
        with:
          node-version: "14.x"
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Build package
        run: npm run build --if-present
      - name: Semantic release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          HUSKY: 0
        run: chmod +x script/prepare-release.sh && npx semantic-release
```
However, my workflow fails with the following error log.
```
[semantic-release] › ✖ An error occurred while running semantic-release: Error: Command failed with exit code 1: git push --tags https://x-access-token:[secure]@github.com/didrlgus/convention-template.git HEAD:main
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: At least 1 approving review is required by reviewers with write access.
```
Maybe it's because my main branch is a protected branch.
How can I push with a protected branch on github action?
There is a workaround. Steps as follows:
1. Create a new GitHub user, e.g. my-org-bot.
2. Generate a Personal Access Token for this user on https://github.com/settings/tokens and save it somewhere (select the repo scope for the token).
3. Go to your repo and add my-org-bot to contributors.
4. Open your branch protection rules and add my-org-bot to the rule below:
5. Go to repository secrets and add a new secret for Actions with key = BOT_ACCESS_TOKEN and value = the Personal Access Token generated previously.
6. Modify your GH Workflow Checkout step with below:
Now your workflow should be able to push directly to your protected branch on behalf of my-org-bot user.
The solution that works for us is as follows:
```yaml
name: Version and Package Repo
on:
  push:
    branches: [ master, main ]
jobs:
  build:
    if: github.event.commits[0].author.name != 'GitHubActions'
    runs-on: ubuntu-18.04
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.PAT }}
      - name: Configure git
        run: |
          git config user.name "GitHubActions"
          git config user.email "<>"
      - name: Install NPM Packages
        run: npm install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Version and Package
        run: npm version patch --force
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Update git
        run: |
          git push
          git push --tags
```
This runs on all pushes to master and main branches (we use the same script on multiple repos) and it:
- checks the repo out
- configures git
- installs and then versions some NPM packages (not relevant to this issue, aside from the job making some kind of change to the repo) - this creates a new commit
- pushes the changes back to the same branch
secrets.PAT is a personal access token of a user with admin rights and the repo has branch protection on, but excludes admins.
It is worth considering that if you run git push from an action with the on push trigger and you're using a PAT rather than GITHUB_TOKEN, then the action will run in a loop. If you are using GITHUB_TOKEN then GitHub Actions prevents the action running again automatically. We use the conditional if line at the top of the job to prevent the job running if the author name of the last commit is GitHubActions. This is the author name set in the Configure git stage, so the commits that happen within this job (as a result of npm version patch) are from an author with this name.
If the author variable doesn't work for you, there are plenty of others you can use:
https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
The downside of this approach is that you always get a second run appear in your list of actions which is immediately skipped.
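The guard above compares a commit author name, which anyone who can push is able to set with `git config`. A variant keyed on the authenticated pusher, as an added example (not the answerer's workflow); `my-org-bot` is a hypothetical account name, and `secrets.PAT` is assumed to belong to that dedicated account rather than to a person who also pushes by hand:

```yaml
name: Version and Package Repo
on:
  push:
    branches: [ master, main ]
jobs:
  build:
    # github.actor is the account whose credentials made the push. Unlike
    # github.event.commits[0].author.name it is not taken from commit
    # metadata, so it cannot be forged with `git config user.name`.
    if: github.actor != 'my-org-bot'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.PAT }}
      - name: Configure git
        run: |
          git config user.name "GitHubActions"
          git config user.email "<>"
      - name: Install NPM Packages
        run: npm install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Version and Package
        # npm replaces %s with the new version number. "[skip ci]" in the
        # commit message tells GitHub not to start push-triggered workflows
        # for this commit, so the extra skipped run is not created.
        run: npm version patch --force -m "%s [skip ci]"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.PAT }}
      - name: Update git
        run: |
          git push
          git push --tags
```

The `if` condition stays in place as a backstop for bot pushes whose commit message lacks the skip marker.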
I couldn’t find a solution that was acceptable to me/work. So, the only option I was left with was avoiding updates in CI that need to be pushed up. That means versioning and changelogs have to be done as part of a user commit/PR. And I created some tooling to make sure it’s done right, in case it helps anyone else: https://github.com/Shakeskeyboarde/anglerci
My scenario: I am in a repo1 (that is where I have this workflow file) and trying to pull repo 2 (both are in the same organization) from repo 1 with the following code:
```yaml
- name: Checkout aaa-frontend repo
  uses: actions/checkout@v2
  with:
    repository: Orgn1-Global/aaa-frontend
    path: develop
    token: ${{ github.token }}
```
From the below error, I assume that, it is able to locate the repository but only has a problem in locating the branch. Is this correct?
```
Run actions/checkout@v2
Syncing repository: Orgn1-Global/aaa-frontend
Getting Git version info
Initializing the repository
Disabling automatic garbage collection
Setting up auth
Determining the default branch
Retrieving the default branch name
Not Found
Waiting 17 seconds before trying again
Retrieving the default branch name
Not Found
Waiting 12 seconds before trying again
Retrieving the default branch name
Error: Not Found
```
and what's the right way to pull the 'main' branch of repo 2 from this repo 1?
If I understand your requirement correctly, do you want to checkout repo1 and repo2 in the repo1 action workflow?
If Yes - It has to be like this:
```yaml
# checkout of repo1 - where you have your workflow file
- name: Checkout
  uses: actions/checkout@v2
  with:
    path: main
# checkout repo2 in a folder called my-tools
- name: Checkout tools repo
  uses: actions/checkout@v2
  with:
    repository: my-org/repo2
    path: my-tools
```
You can always find awesome examples in the GitHub Actions public repository. Here is the checkout one.
The piece of code below should fetch you the main branch of the aaa-frontend repo:
```yaml
- name: Checkout aaa-frontend repo
  uses: actions/checkout@v2
  with:
    repository: Orgn1-Global/aaa-frontend
    path: develop
    token: ${{ github.token }}
    ref: main
```
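`github.token` only grants access to the repository the workflow runs in, so if aaa-frontend is private the job cannot read it with that token, whatever `ref` is set. A least-privilege way to give the job access, as an added example that is not from either answer: a read-only deploy key registered on aaa-frontend, with its private half stored in repo1 under the hypothetical secret name `AAA_FRONTEND_DEPLOY_KEY`.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    # The job's own token only needs to read repo1.
    permissions:
      contents: read
    steps:
      # repo1: the repository that contains this workflow file.
      - name: Checkout repo1
        uses: actions/checkout@v2
        with:
          path: main
      # repo2: fetched over SSH with a deploy key that can read
      # Orgn1-Global/aaa-frontend and nothing else, unlike a personal access
      # token, which carries its owner's access to every repository.
      - name: Checkout aaa-frontend repo
        uses: actions/checkout@v2
        with:
          repository: Orgn1-Global/aaa-frontend
          ref: main
          path: develop
          # Hypothetical secret name: private half of the read-only deploy key.
          ssh-key: ${{ secrets.AAA_FRONTEND_DEPLOY_KEY }}
          # Remove the key from the local git config once the fetch is done,
          # so later steps cannot reuse it.
          persist-credentials: false
```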
I have an Angular application, source code stored on GitHub. I want to create this pipeline to deploy the code:
1. On pushing anything into the deploy-test branch, it starts the workflow.
2. GitHub will create a runner.
3. The runner pulls the code.
4. The runner starts the build process.
5. The runner creates a new git branch, called deploy-test-build.
6. The runner pushes the built files to the GitHub repository.
7. The self-hosted runner watches the pushes on the deploy-test-build branch and starts another workflow.
Here is my first action file:
```yaml
name: Build test
on:
  push:
    branches:
      - deploy-test
jobs:
  build:
    name: Build and Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: deploy-test
      - name: Use Node 12.x
        uses: actions/setup-node@v1
        with:
          node-version: '12.x'
      - name: Install dependencies
        run: |
          cd angular
          npm ci
      - name: Build
        run: cd angular && npm run build:ci:test
      - name: Publish build
        run: |
          git config --global user.email "my email"
          git config --global user.name "my name"
          git checkout -b deploy-test-build
          git add --force angular/dist
          git commit -m "latest build"
          git push --force origin deploy-test-build
```
This has this output on last step:
```
Run git config --global user.email "my email"
Switched to a new branch 'deploy-test-build'
[deploy-test-build d3fce92] latest build
9 files changed, 1485 insertions(+)
create mode 100644 dist/3rdpartylicenses.txt
create mode 100644 dist/favicon.ico
create mode 100644 dist/index.html
create mode 100644 dist/main.0ac5b66d2bf9e9e9e7ab.js
create mode 100644 dist/polyfills-es5.71ee1b4bd0370b429e7d.js
create mode 100644 dist/polyfills.22c48ffe45b9a56d0593.js
create mode 100644 dist/runtime.eba877d1204fd67b69cb.js
create mode 100644 dist/scripts.7a55fdf6a96cbe55ae9f.js
create mode 100644 dist/styles.18a91683a46b36a985e8.js
To https://github.com/myrepos-name
+ 4298d17...d3fce92 deploy-test-build -> deploy-test-build (forced update)
```
And the next one:
```yaml
name: Deploy to test server
on:
  push:
    branches:
      - deploy-test-build
jobs:
  prepare:
    name: Prepare to clone a new version
    runs-on: self-hosted
    steps:
      # ...
```
But this last workflow, called Deploy to test server, is not started.
Any idea how can I fix it?
I have the following action on Github actions that automatically packs and deploy a package to nuget.org every time a PR gets merged into master.
```yaml
name: Nuget Deploy
on:
  push:
    branches: [ master ]
jobs:
  build:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: 3.1.101
      - name: Generate Nuget package
        run: dotnet pack
        working-directory: DateOverride
      - name: Deploy to nuget.org
        run: dotnet nuget push *.nupkg -k ${{ secrets.NUGET_DEPLOY_KEY }} -s https://api.nuget.org/v3/index.json
        working-directory: DateOverride/DateOverride/bin/Debug
```
But I would like that it was not run if my update is only a README.md update, is it possible to do so?
I'd think the paths-ignore setting should help:
```yaml
on:
  push:
    branches:
      - master
    paths-ignore:
      - '**/README.md'
```
You might want to combine your current GitHub Action with another like MarceloPrado/has-changed-path
This action outputs whether a path or combination of paths has changed in the previous commit.
[This] action is meant to be used inside your job steps, not at the root of your workflow file
Or (opposite filter): dorny/paths-filter
With this Github Action you can execute your workflow steps only if relevant files are modified.